Thank you to @beet1e from Shanghai Jiao Tong University and @chenlibo147, @houqinsheng, from Shandong University.

Please review for in-depth information about the SSRF vulnerability (CVE-2023-27163).

This code is for enumerating the internal server using the SSRF in request-baskets.

If anything looks incorrect or any adjustments should be made, please feel free to inform me.


-w - Wordlist
-target - The target URL, including the request-baskets API URL used to add baskets
-dynamic - The name of the link you'd like to create to view the internal server
-internal_target - The internal target URL
-ms - Milliseconds

-w raft-test.txt -target "" -dynamic "test" -internal_target ""

Stdout should look like:

Page Link: web

Content Length: 2394

Request to reach URL: